From 1b1919ba8aa8fb5f9d0e88540723395a72952f06 Mon Sep 17 00:00:00 2001
From: Maxime Meignan
Date: Wed, 29 Nov 2023 14:30:07 +0100
Subject: [PATCH] Introduced the info about atomic/non-atomic write primitives
---
 EDRSandblast/Includes/KernelMemoryPrimitives.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/EDRSandblast/Includes/KernelMemoryPrimitives.h b/EDRSandblast/Includes/KernelMemoryPrimitives.h
index 866520e..8f86839 100644
--- a/EDRSandblast/Includes/KernelMemoryPrimitives.h
+++ b/EDRSandblast/Includes/KernelMemoryPrimitives.h
@@ -6,23 +6,28 @@
 #define DBUtil 1
 #define GDRV 2
 // Select the driver to use with the following #define
-#define VULN_DRIVER RTCore
+#define VULN_DRIVER GDRV
+//TODO : design a way to make an atomic write given a non-atomic one
+//idea : modify a PTE to mark a page userland-reachable and perform the write from the process
 #if VULN_DRIVER == RTCore
 #define DEFAULT_DRIVER_FILE TEXT("RTCore64.sys")
 #define CloseDriverHandle CloseDriverHandle_RTCore
 #define ReadMemoryPrimitive ReadMemoryPrimitive_RTCore
 #define WriteMemoryPrimitive WriteMemoryPrimitive_RTCore
+#define WriteMemoryPrimitiveIsAtomic 0 //RTCore only allows to write up to a DWORD at a time
 #elif VULN_DRIVER == DBUtil
 #define DEFAULT_DRIVER_FILE TEXT("DBUtil_2_3.sys")
 #define CloseDriverHandle CloseDriverHandle_DBUtil
 #define ReadMemoryPrimitive ReadMemoryPrimitive_DBUtil
 #define WriteMemoryPrimitive WriteMemoryPrimitive_DBUtil
+#define WriteMemoryPrimitiveIsAtomic 1 //DBUtil allows to write an arbitrary size
 #elif VULN_DRIVER == GDRV
 #define DEFAULT_DRIVER_FILE TEXT("gdrv.sys")
 #define CloseDriverHandle CloseDriverHandle_GDRV
 #define ReadMemoryPrimitive ReadMemoryPrimitive_GDRV
 #define WriteMemoryPrimitive WriteMemoryPrimitive_GDRV
+#define WriteMemoryPrimitiveIsAtomic 1 //DBUtil allows to write an arbitrary size
 #endif
 BYTE ReadMemoryBYTE(DWORD64 Address);
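Review bot: The comment on the new GDRV line, `#define WriteMemoryPrimitiveIsAtomic 1 //DBUtil allows to write an arbitrary size`, is copied from the DBUtil branch and names the wrong driver; it should read `//GDRV allows to write an arbitrary size`. The flag itself is never defined in words: judging from the RTCore comment, "atomic" here seems to mean that the whole buffer goes out in one driver request rather than in DWORD-sized pieces, so a one-line comment above the `#if` chain saying that would keep readers from taking it for memory-model atomicity. Separately, the hunk switches the default `VULN_DRIVER` from RTCore to GDRV, which the commit subject does not mention; if that was a local build setting, it should go back to `#define VULN_DRIVER RTCore` or be called out in the message.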